ID: 13aff8bb-14d0-4045-94fa-abae3828ad8a
STIX ID: report--13aff8bb-14d0-4045-94fa-abae3828ad8a
Threat Score: 85/100
Kaspersky reports that the North Korean state-sponsored actor Kimsuky conducted spearphishing attacks against South Korean organizations and individuals, using malicious document attachments and multiple dropper formats (JSE, PIF, SCR, EXE) to deploy malware from two primary clusters, PebbleDash and AppleSeed. The attackers leveraged legitimate tools (VSCode, DWAgent) for post-exploitation and uploaded infection logs to Dropbox, which was used as a C2 for httpMalice. Kaspersky assesses the Kimsuky affiliation with medium–high confidence.
